-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Typechecker query / issue? #930
Comments
To see what's going on here, we can get Cryptol to show the queries and responses between the typechecker and the solver by entering Now, after the usual preamble of
On the other hand,
It does seem weird that these two queries would give a different result, because they both have the same form: Assume
So basically what's happening is that the solver isn't clever enough to prove one of the queries that we send it, and it returns a spurious counterexample instead. We could complain that the solver is not clever enough, but maybe we could do something to make its job a bit easier. |
I should also mention that the reason why the last variation with |
@brianhuffman if you have any ideas on useful ad-hoc properties that might help, potentially useful locations in the typechecker are:
|
It might help me understand what the solver is doing wrong if I could see what the spurious satisfying assignment the solver came up with in this case. Do we have a way to do that? Or maybe I should just cut-and-paste the |
I usually just do the copy paste, but it might be nice to have something more structured. The interaction with the external solver is in |
I should point out another data point: Change the type signature from |
I imagine it's because the |
We could probably add an axiom that related |
One idea would be an axiom stating that |
Yeah, that might work, and I think it would play OK with Z3's universal axiom triggering mechanism. I suppose we could also have, e.g., |
This fixes issue #734, and partially addresses #930. The basic issue with 734 was that the solver was chosing spurious counterexamples for the exponent function; in particular, models where the output was not at least 1. The fairly restricted axiom we add here just says that the exponent function is at least as large as its base for positive inputs.
This fixes issue #734, and partially addresses #930. The basic issue with 734 was that the solver was chosing spurious counterexamples for the exponent function; in particular, models where the output was not at least 1. The fairly restricted axiom we add here just says that the exponent function is at least as large as its base for positive inputs.
Hey Galois 😄 👋
In Cryptol 2.9.1:
Cryptol complains that it doesn't know at compile-time that
width(2^^r)
is small enough to fit inr+1
bits, for allr
. I think that's because it can't evaluate2^^r
until it seesr
, which it doesn't see till run-time. This seems perfectly reasonable.So you can add the constraint, and
compiles perfectly.
Given
Cryptol complains that is doesn't know at compile-time that
width(2^^r-1)
is small enough to fit inr
bits, similar to before. But this time, if you add the minimum constraint it needs, it still barfs. Adding the constraint(width(2^^r-1)==r)
doesn't work, because Cryptol somehow doesn't see that the2^^r-1
in the constraint is equal to the2^^r-1
in the function definition(!) One resolution is as follows:I'm not quite sure why replacing the equality with an inequality forces it down a different logical pathway, but apparently it does. I think this counts as a bug(?), because I believe Cryptol should be able to deduce
A>=B
fromA==B
in all circumstances.Any thoughts?
Thanks :-)
Martin
The text was updated successfully, but these errors were encountered: